Azure

With VMM 2019 we got the possibility to set up Azure Update Management for all new VMs being deployed with VM Templates in VMM.

I see great value in this, as you do not need to set up a local WSUS server to do patching. And for any hoster you can easily have a single pane of glass in Azure to monitor and update the VMs in your environment.

A few days ago the System Center team published a post on the Windows Server blog about the upcoming 2019 release this month.

The 2019 release does not bring a lot of new features, but I wanted to highlight one: the new Azure Monitor overview page. It is an integration between the DPM server, which is connected to Azure Backup, and Azure Log Analytics.

One of the neat things you can do with Virtual Machine Manager is configure it to replicate Virtual Machines to an Azure Recovery Services Vault. You can then use Azure Site Recovery to fail those Virtual Machines over to Azure if you need to.

Let's say your organization wants to set up a solution against a third-party web solution that is hosted in the cloud, like an accounting system. Your organization has a rule that this should be Single Sign-On using your domain login credentials. You already have Azure AD Connector set up with password sync and all the users synced to Azure AD. And then you realize that the provider does not have a finished application with a guide in the Enterprise Application store. So what to do then?

So as I am starting a new job in less than 2 months, I thought it was time to move this site from a Virtual Machine running on my current employer's S2D cluster to Azure. So I decided to share my way there. I started googling how to do this. There were some guides here and there: some older ones and one from docs.microsoft.com, which did not move everything. So I started with one and got a timeout error. Tried another; it did not work.

In the spring we wanted to set up SSO with our support portal Freshdesk. This did not work, as we were using a custom URL, and the Azure SSO setup was expecting oursite.freshdesk.com as the reply-back address and not our custom URL. This was a limitation in the Azure SSO setup.

The NAS/VPN server receives requests from VPN clients and converts them into RADIUS requests to the NPS servers.

The NPS server connects to Active Directory to perform the primary authentication for the RADIUS requests and, upon success, passes the request to any installed extensions.

The NPS Extension triggers a request to Azure MFA for the secondary authentication. Once the extension receives the response, and if the MFA challenge succeeds, it completes the authentication request by providing the NPS server with security tokens that include an MFA claim, issued by Azure STS.

Azure MFA communicates with Azure Active Directory to retrieve the user's details and performs the secondary authentication using a verification method configured for the user.

The following diagram illustrates this high-level authentication request flow:

Now this is a cool new feature Microsoft has come up with. It allows you to manage your on-premises servers from the Azure Portal. All you need to do is install a gateway server on your local network, configure a few steps in Azure, and install a small agent, and you are almost good to go.